CVE-2020-26218

Summary

touchbase.ai before version 2.0 is vulnerable to Cross-Site Scripting. The vulnerability allows an attacker to inject HTML payloads which could result in defacement, user redirection to a malicious webpage/website etc. The issue is patched in version 2.0.

Affected Software

VendorProductVersion RangeStatus
puncskytouchbase.ai< 2.0affected

Weaknesses

  • CWE-80: {"CWE-80":"Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)"}
  • CWE-79: {"CWE-79":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}

ADP Enrichment

CVE Program Container

Additional References

References